Date: Mon, 19 May 2014 03:08:56 -0400 (EDT)
From: cve-assign@...re.org
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE request for buffer overrun in CHICKEN Scheme

> I would like to request a CVE for a buffer overrun bug in CHICKEN Scheme
> which is very similar to CVE-2013-4385.  It affects a very particular,
> not very common use of the read-u8vector! procedure.  If given a buffer
> and #f (the Scheme value for "false") as the buffer's size (which should
> trigger automatic size detection but doesn't), it will read beyond the
> buffer, until the input port (file, socket, etc) is exhausted.  This may
> result in the typical potential remote code execution or denial of
> service

Use CVE-2014-3776 for this "should trigger automatic size detection
but doesn't" issue that has a resultant buffer overflow.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
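
The failure mode described in the quoted request, modeled in C as an added example; it is not part of the original message and is not CHICKEN's source code. All names (`SIZE_AUTO`, `struct port`, `read_flawed`, `read_checked`) are hypothetical, and the 8-byte buffer sits at the front of a larger arena so the overrun can be counted safely.

```c
#include <stddef.h>
#include <string.h>

#define SIZE_AUTO (-1L)  /* assumption: stands in for Scheme's #f size argument */

/* Constructed stand-in for an input port (file, socket, ...). */
struct port { const unsigned char *data; size_t len, pos; };

/* Flawed pattern: SIZE_AUTO is treated as "no limit" instead of "dest_len",
   so reading stops only when the port is exhausted. */
size_t read_flawed(struct port *p, unsigned char *dest, size_t dest_len, long n) {
    size_t written = 0;
    (void)dest_len;                       /* never consulted: this is the bug */
    while (p->pos < p->len && (n == SIZE_AUTO || written < (size_t)n))
        dest[written++] = p->data[p->pos++];
    return written;
}

/* Corrected pattern: resolve the limit first and never exceed dest_len.
   An explicit n larger than the buffer is clamped to dest_len. */
size_t read_checked(struct port *p, unsigned char *dest, size_t dest_len, long n) {
    size_t limit = (n < 0 || (size_t)n > dest_len) ? dest_len : (size_t)n;
    size_t written = 0;
    while (p->pos < p->len && written < limit)
        dest[written++] = p->data[p->pos++];
    return written;
}

/* Demo harness: the 8-byte "buffer" is the front of a 32-byte arena, so the
   overrun lands in guard bytes we own. Returns the guard bytes overwritten. */
size_t guard_bytes_clobbered(int use_checked) {
    unsigned char input[20], arena[32];
    struct port p = { input, sizeof input, 0 };
    size_t i, clobbered = 0;
    memset(input, 'A', sizeof input);     /* constructed 20-byte port content */
    memset(arena, 0xEE, sizeof arena);    /* 0xEE marks untouched memory */
    if (use_checked) read_checked(&p, arena, 8, SIZE_AUTO);
    else             read_flawed(&p, arena, 8, SIZE_AUTO);
    for (i = 8; i < sizeof arena; i++)
        if (arena[i] != 0xEE) clobbered++;
    return clobbered;
}
```
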
